<?xml version="1.0" encoding="utf-8" ?>
   <access-policy>  
      <cross-domain-access>    
        <policy>      
           <allow-from http-request-headers="*">        
             <domain uri="*"/>      
           </allow-from>      
           <grant-to>       
             <resource include-subpaths="true" path="/"/>      
           </grant-to>    
        </policy> 
       </cross-domain-access>
     </access-policy>